Jump to content
Not connected, Your IP: 3.145.155.149
nkjueawfh

[Android] Eddie does not reconnect after losing connection

Recommended Posts

I've been trying out Eddie for Android (Pie) for a couple of weeks now. As you may now, starting with Android Oreo, Android has a built-in VPN leak protection that works flawlessly. No connection outside of the VPN tunnel is allowed.

 

The problem is that when Eddie loses its connection, it does not even attempt to reconnect. It just sits there with a silent error message, and you may be completely unaware of it. Why doesn't it just reconnect? OpenVPN for Android does it without any issues, but is otherwise clunky to use, unfortunately.

 

Again, it's fine that Eddie blocks non-VPN connections, but why not automatically reconnect to a VPN server, when the internet is reachable again?

Share this post


Link to post

Hello!

 

The VPN lock is the only safe way to prevent traffic leaks in specific circumstances. The feature can anyway be disabled in the Settings, if your threat model can tolerate traffic leaks. In this way Eddie will behave similarly to all the other OpenVPN based apps, trying to re-connect as soon as possible in any case with potential, unavoidable leaks.

 

Eddie will anyway re-connect to the server whenever doing so will not expose the device to traffic leaks (i.e. the tunnel was not destroyed), even when the VPN lock feature is on.

 

EDIT: please note that the Android Oreo (and higher versions) options you mention are not aimed to prevent leaks in various circumstances.

 

Kind regards

Share this post


Link to post

Eddie will anyway re-connect to the server whenever doing so will not expose the device to traffic leaks (i.e. the tunnel was not destroyed), even when the VPN lock feature is on.

 

EDIT: please note that the Android Oreo (and higher versions) options you mention are not aimed to prevent leaks in various circumstances.

 

Kind regards

 

Thanks for the reply. I'm not entirely sure why me disabling and reactivating the VPN connection is more secure than the app doing these steps automatically. Also, I have never read before about the possibility for leaks with the actual Android leak protection activated.

 

Mind you, I am NOT talking about the way Google initially added it, when only the "Always-On VPN" option was available. This iteration was indeed leaky. I'm talking about the later Android patch which also included the "block all non-VPN connections" option to the same menu, which I've personally never seen fail and never heard or read about it failing. If you've found this feature to fail, you should probably report it to Google.

Share this post


Link to post

Thanks for the reply. I'm not entirely sure why me disabling and reactivating the VPN connection is more secure than the app doing these steps automatically. Also, I have never read before about the possibility for leaks with the actual Android leak protection activated.

 

Hello!

 

Simply because when you are the one to decide when to unlock, you can first terminate those app which must not have their traffic outside the VPN according to your threat model.

 

 

Mind you, I am NOT talking about the way Google initially added it, when only the "Always-On VPN" option was available. This iteration was indeed leaky. I'm talking about the later Android patch which also included the "block all non-VPN connections" option to the same menu, which I've personally never seen fail and never heard or read about it failing. If you've found this feature to fail, you should probably report it to Google.

 

 

Yes, we are talking about the same. There's nothing to report, the option works as expected. It's you that you're asking it for what it can't (and did not promise to) do, i.e. block the traffic unconditionally, if we understand correctly what you want. The "Block connection ..." new sub-option under "Always on" blocks traffic of the unregistered (to the VpnService API) applications while the tunnel is non-existing. All the traffic of the registered to the service applications is not blocked as well as the traffic (outside any tunnel) during all the time necessary to rebuild a tunnel and connect.

 

Eddie leaves you the freedom of choice according to your threat model. If the "Alway on" + "Block connections..." are not a hazard for your threat model, then you can disable VPN lock in Eddie. On the contrary, if you can't allow the risk of traffic flowing outside any tunnel in aforementioned cases, then enable Eddie "VPN lock".

 

Finally, always remember that, even while the tunnel is up, in an Android device leaks are ALWAYS possible by applications running with high privileges (typically Google and system manufacturer software), trivially by binding to the physical network interface . Such leaks could be theoretically prevented only with the correct packet filtering table rules, which you can't modify if you're not root (that's why Eddie leaks prevention is a "best effort").

 

The same happens in iOS where Apple. by policy, reminds you that Apple applications will bypass whenever they want any VPN and exchange data outside the VPN tunnel without warning you.

 

Kind regards

Share this post


Link to post
I am currently testing AirVPN for Android.

I recognized the following:

- Killswitch is NOT working!

Connection was simply interrupted, allegedly blocked AirVPN and I get wonderfully on the Internet, although Killswitch is enabled under Settings.

- hardly any connections to any servers. Swiss people do not work, like everyone else, what works are the Dutch servers.

- Connection protocol.

I have explicitly enabled TCP and still I am connected via UDP.

Android Version 9

Share this post


Link to post

@stryjenKN

15 hours ago, strykenKN said:
I am currently testing AirVPN for Android.

I recognized the following:

- Killswitch is NOT working!
[...]


 

Hello!

Unfortunately none of the issues you report is reproducible in our Android 9 systems. Can you please provide us with Eddie log taken after the problem has occurred? If possible, could you also get a logcat?

Kind regards

Share this post


Link to post

I'll do that, I have to find out how it works. First of all I have to take care of your Eddie for Windows, because there are also considerable problems and I have almost no connections to your servers! You got mail for that. Then contact me again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...